
The Green Sheet Online Edition

February 26, 2024 • Issue 24:02:02

New Products

Broaden JavaScript protection with PCI-compliant platform

Product: PCI DSS 4.0 capabilities for HUMAN Client-side Defense
Company: HUMAN Security Inc.

HUMAN Security Inc., a digital fraud platform focused on disrupting bot attacks, online fraud and abuse across the buyer's journey, created PCI DSS 4.0 capabilities for HUMAN Client-side Defense, a solution designed to help companies meet new requirements for managing browser scripts on payment pages; the requirements become mandatory on March 31, 2025. Jeffrey Zitomer, senior director, product management, HUMAN Security Inc., said, "HUMAN uses a modern defense strategy to safeguard organizations from digital attacks, fraud, and account abuse. Our solutions increase ROI and trust while decreasing customer friction, data contamination and cybersecurity exposure."

Zitomer stated that modern websites deliver critical business functionality by sourcing code from across the internet, some of which may bypass traditional security controls. Criminals can exploit this attack surface to steal cardholder data, he added, a risk that the new PCI requirements address. This solution, combined with PCI DSS 4.0 compliance, can further protect against these threats by enabling normal scripts while blocking undesired cardholder data access, he said.

PCI DSS 4.0 requirements

Zitomer further noted that PCI DSS 4.0 requirements apply to all businesses. Even businesses that fully outsource account data storage, payment processing, and transmission to third-party payment service providers must comply with two new browser script requirements. He summarized those requirements as follows:

  1. Requirement 6.4.3 for payment page scripts mandates that a method is implemented to confirm each script is authorized; a method is implemented to assure each script's integrity; and an inventory with written justification of all scripts is maintained.
  2. Requirement 11.6.1 for page script modifications mandates that a change and tamper-detection mechanism is deployed to alert personnel to unauthorized modification to the HTTP headers and the contents of payment pages as received by the consumer browser.

HUMAN Security simplifies payment page management by enabling companies to deploy a single line of JavaScript to authorize, justify and ensure script integrity, Zitomer stated, noting that a cloud back end and user interface will track a firm's progress toward compliance and provide comprehensive risk-scored script inventory and on-demand audit reports. He pointed out that the solution will also alert users to unauthorized changes to scripts and HTTP headers, and these and other risky script behaviors can be blocked with a click or simple policy.

Comprehensive, always-on support

Malicious bots can take over user accounts, payment pages, inventory settings, pricing and content, Zitomer stated, affirming that PCI DSS 4.0 capabilities for HUMAN Client-side Defense can solve for these issues, while providing the following features and benefits:

  • Compliance: Simplify payment page protection in compliance with PCI DSS 4.0 browser script requirements.
  • Automation: Streamline compliance by automating script inventory, authorization and audit reports.
  • Zero trust: Secure credit card information with deep insight into script behavior and zero trust browser security.
  • Selective blocking: Break the value versus security tradeoff by allowing scripts to deliver business value while blocking only undesired actions.
  • Predictive prevention: Protect customers, websites, networks and enterprises from sophisticated bot attacks and adapt quickly to defend from threats yet to come.

Channel partners welcome

Zitomer emphasized that ISOs, agents and sales channel partners will find PCI DSS 4.0 capabilities for HUMAN Client-side Defense to be not only a timely resource for helping clients meet the 2025 deadline for PCI DSS 4.0, but also an asset that is easy to sell, deploy and operate. "It's easy to connect the dots between PCI DSS 4.0 requirements and the product's UI," he said, noting that copying and pasting a single line of code is all that is needed to get the system up and running, delivering continuous protection, enhanced reporting and automated alerts.
